<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
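        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <link rel="stylesheet" href="../stylesheet/stylesheet.css" type="text/css" media="screen" />
        <title>Shop Management System</title>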
            <?php include('menu.php'); ?>
<script language="javascript">

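/**
 * Validate the profile form (document.formedit) and submit it.
 *
 * Checks, in order, that firstname, lastname, username and phone are not
 * empty and that the two password entries are equal. On the first failed
 * check it shows the matching alert, focuses the field and returns false.
 * When every check passes it submits the form and returns undefined.
 *
 * These checks run in the browser only. A request can be posted without
 * running this script, so the server-side handler has to enforce the same
 * rules itself; nothing here is a security control.
 */
function open_popup(){
	var form = document.formedit;

	// Required fields in the order they are checked, each paired with the
	// message shown when it is empty.
	var required = [
		['firstname', 'กรุณากรอกชื่อ'],
		['lastname', 'กรุณากรอกนามสกุล'],
		['username', 'กรุณากรอกชื่อผู้ใช้งานระบบ'],
		['phone', 'กรุณากรอกเบอร์โทรศัพท์']
	];

	for (var i = 0; i < required.length; i++) {
		var field = form[required[i][0]];
		if (field.value == "") {
			alert(required[i][1]);
			field.focus();
			return false;
		}
	}

	// Both entries left empty also counts as a match: the password is optional.
	if (form.password.value != form.password2.value) {
		alert('กรุณากรอกรหัสผ่านให้ตรงกัน');
		form.password.focus();
		return false;
	}

	// Submit through the same document.formedit reference used for the checks
	// rather than a bare `formedit` global created from the element's id/name.
	form.submit();
}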
</script>
</head>
<body>
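<?php
include("../connect/connect.php");

// Profile page for the signed-in user: applies the POST sent by the form
// below (?action=update), then loads that user's row to pre-fill the form.
//
// NOTE(review): the account is identified by the user_id cookie, which the
// browser controls. Nothing visible on this page verifies it; unless menu.php
// or connect.php tie it to server-side session state, changing the cookie is
// enough to read or edit another account. Confirm, and move the identity
// into a server-side session.
// NOTE(review): the update request carries no anti-CSRF token.

// Values are escaped with mysql_real_escape_string() before they enter SQL,
// because the legacy mysql_* API used here has no prepared statements. The
// escaping relies on the open connection (presumably made by connect.php)
// and on its character set being set with mysql_set_charset() - confirm.
$user_id = mysql_real_escape_string(
	(isset($_COOKIE["user_id"]) && is_string($_COOKIE["user_id"])) ? $_COOKIE["user_id"] : ""
);

// Update
if(isset($_GET["action"]) && $_GET["action"]=="update") {

	// Read each expected field once; a missing or non-string (array) value is
	// treated as empty so it can never reach the query.
	$input = array();
	foreach(array('firstname', 'lastname', 'username', 'phone', 'password', 'password2') as $field) {
		$input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
	}

	if($input['firstname'] !== "" AND $input['lastname'] !== "" AND $input['username'] !== "" AND $input['phone'] !== "")
	{
		// A password change is requested only when both entries are filled in.
		$changePassword = ($input['password'] !== "" && $input['password2'] !== "");

		// The browser script already insists the two entries match; repeat the
		// check here because a request can be sent without running that script.
		// On a mismatch nothing is written and the form is simply shown again.
		if(!$changePassword || $input['password'] === $input['password2'])
		{
			$Query = "UPDATE user SET ";
			if($changePassword) {
				// NOTE(review): the password is stored exactly as submitted. The
				// login code is not visible here, so hashing cannot be added on
				// this page alone; move both sides to password_hash() /
				// password_verify() together.
				$Query .= "password = '".mysql_real_escape_string($input['password'])."',";
			}
			// username is deliberately not written: the form presents it as
			// not editable, and the readonly attribute only binds the browser.
			$Query .= "firstname = '".mysql_real_escape_string($input['firstname'])."',";
			$Query .= "lastname = '".mysql_real_escape_string($input['lastname'])."',";
			$Query .= "phone = '".mysql_real_escape_string($input['phone'])."'";
			// The row updated is the one this page loads and displays (cookie
			// user_id), not the posted hidden user_id field, which any client
			// can rewrite.
			$Query .= " WHERE user_id = '".$user_id."'";
			$objQuery = mysql_query($Query);
			if($objQuery === false) {
				error_log("edit profile update failed: ".mysql_error());
			}

			// The page head has already been output by this point, so the
			// redirect is done with a script instead of a Location header.
			echo "<script type=\"text/javascript\"> window.location=\"edit_profile.php\"</script>";
			exit();
		}
	}
}

$Query = "SELECT * FROM user WHERE user_id = '".$user_id."'";
$objQuery = mysql_query($Query);
if($objQuery === false) {
	// Keep the SQL text and the driver error in the server log; echoing the
	// query into the page would expose the schema and reflect the cookie value.
	error_log("edit profile query failed: ".mysql_error());
	die("Error Query");
}
$row = mysql_fetch_array($objQuery);
?>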
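					<?php
					// Values echoed below come from the user table and from a cookie,
					// i.e. ultimately from user input. Each one is HTML-escaped with
					// ENT_QUOTES (and UTF-8, matching the page charset) so it cannot
					// close the attribute it sits in or inject markup.
					//
					// NOTE(review): the hidden user_id field and the readonly username
					// field are fully editable by the client; the update handler must
					// not treat either as trusted.
					?>
					<form action="?action=update" name="formedit" method="post" id="formedit">
                    <div class="box">
                        <div class="left"></div>
                        <div class="right"></div>
                      <div class="heading">
                            <h1>แก้ไขข้อมูลส่วนตัว <?php echo htmlspecialchars(isset($_COOKIE["username"]) ? $_COOKIE["username"] : "", ENT_QUOTES, 'UTF-8'); ?></h1> 
					<div class="buttons"><a onclick="open_popup();" class="button"><span>บันทึก</span></a><a onclick="location = 'product_manage.php';" class="button"><span>ยกเลิก</span></a></div>
                      </div>
                        <div class="content">
                          <table class="form">
                            <tr>
                              <td>ชื่อ : </td>
                              <td><input name="firstname" type="text" id="firstname" value="<?php echo htmlspecialchars($row["firstname"], ENT_QUOTES, 'UTF-8');?>" maxlength="100" />
                                  <input type="hidden" name="user_id" id="user_id" value="<?php echo htmlspecialchars($row["user_id"], ENT_QUOTES, 'UTF-8');?>" /></td>
                            </tr>
                            <tr>
                              <td>นามสกุล : </td>
                              <td><input name="lastname" type="text" id="lastname" value="<?php echo htmlspecialchars($row["lastname"], ENT_QUOTES, 'UTF-8');?>" maxlength="100" /></td>
                            </tr>
                            <tr>
                              <td>ชื่อผู้ใช้งานระบบ : </td>
                              <td><input name="username" type="text" readonly="readonly" id="username" value="<?php echo htmlspecialchars($row["username"], ENT_QUOTES, 'UTF-8');?>" maxlength="32" />
                              *ไม่สามารถแก้ไขได้</td>
                            </tr>
                            <tr>
                              <td>รหัสผ่านใหม่ : </td>
                              <td><input name="password" type="password" id="password" maxlength="32" />
                                *กรอกเมื่อต้องการเปลี่ยนรหัสผ่าน</td>
                            </tr>
                            <tr>
                              <td>ยืนยันรหัสผ่านใหม่ : </td>
                              <td><input name="password2" type="password" id="password2" maxlength="32" />
                                *กรอกเมื่อต้องการเปลี่ยนรหัสผ่าน</td>
                            </tr>
                            <tr>
                              <td>เบอร์โทรศัพท์ : </td>
                              <td><input name="phone" type="text" id="phone" value="<?php echo htmlspecialchars($row["phone"], ENT_QUOTES, 'UTF-8');?>" maxlength="10" /></td>
                            </tr>
                          </table>
                        </div>
                    </div>
				</form>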
                </body>
                </html>
